Cyber Risk Defense Consultant V - Splunk Administrator

Job Summary:
The Splunk Systems Administrator & Developer is responsible for maintaining and administering servers and infrastructure supporting Kaiser Permanente's Security Information & Event Management platform as well as Splunk administration and Splunk development activities. The position requires the individual to be a highly knowledgeable with Splunk Enterprise. The Splunk Systems Administrator is responsible for administering the Splunk Enterprise, Unix administration, Splunk integration management/data onboarding, Splunk user provisioning, and troubleshooting and supporting Splunk Universal Forwarders. The Splunk Developer is responsible for performing advanced Splunk analytics and development of capability supporting cyber threat and clinical privacy detections.
This senior level employee is primarily responsible for overseeing the maintenance and protection of integrity and reliability of the security of data, systems and networks.

Essential Responsibilities:

• Conducts or oversees business-specific projects by applying deep expertise in subject area; promoting adherence to all procedures and policies; developing work plans to meet business priorities and deadlines; determining and carrying out processes and methodologies; coordinating and delegating resources to accomplish organizational goals; partnering internally and externally to make effective business decisions; solving complex problems; escalating issues or risks, as appropriate; monitoring progress and results; recognizing and capitalizing on improvement opportunities; evaluating recommendations made; and influencing the completion of project tasks by others.
• Practices self-leadership and promotes learning in others by building relationships with cross-functional stakeholders; communicating information and providing advice to drive projects forward; influencing team members within assigned unit; listening and responding to, seeking, and addressing performance feedback; adapting to competing demands and new responsibilities; providing feedback to others, including upward feedback to leadership and mentoring junior team members; creating and executing plans to capitalize on strengths and improve opportunity areas; and adapting to and learning from change, difficulties, and feedback.
• Leads team in the proactive monitoring and/or response to known or emerging threats against the KP network.
• Effectively communicates investigative findings to non-technical audiences.
• Plans and facilitates regular operations meeting with Cyber Risk Defense Center (CRDC) teams.
• Supports closed loop processes on security efforts by providing feedback to the TDA leads and/or leadership.
• Participates in information fusion procedures across operations and engineering, including activities such as Use Case planning/development, Use Case quality assurance validation, and response procedure documentation.
• Serves as a liaison between stage teams and upper management by identifying issues, improvement areas, or security/architectural gaps and suggesting appropriate improvements.
• Drives the development of the CRDC intellectual capital by leading process or procedure improvements, consulting on brown bag training sessions, and leading the development of new training documents.
• Partners with the CRDC Policy Engineers and Remediation teams to contain identified issues and determine the best approach for improving security posture.
• Facilitates follow-up remediation design and review efforts.
• Leads the investigation and triage of security events across multiple domains.
• Leads complex data analyses in support of security event management processes, including root cause analysis.
• Coordinates the response and resolution of high impact or critical cyber security incidents.
• Leads the deployment of threat detection capabilities and/or incident response plans which may include after-hours support and coordination among responsible teams.
• Drives the execution of incident detection and/or handling processes which may include containment, protection, and remediation activities.

Minimum Qualifications:

• Minimum two (2) years in an informal leadership role working with project or technical teams.
• Bachelors degree in Business Administration, Computer Science, Social Science, Mathematics, or related field and Minimum eight (8) years experience in IT or a related field, including Minimum two (2) years in information security or network engineering. Additional equivalent work experience may be substituted for the degree requirement.

Additional Requirements:
Preferred Qualifications:

• One (1) year supervisory experience
• Two (2) years of work experience in a role requiring interaction with senior leadership (e.g., Director level and above)
• Knowledge and professional enterprise experience supporting Splunk Enterprise and Splunk Cloud environments.
• Possess Splunk Architect and/or Splunk Administration Certification(s).
• Possess software development skills creating AI and ML models and detections.
• Professional experience and administration of large-scale Linux/Unix deployments.

Primary Location: Colorado,Greenwood Village,Greenwood Plaza IT
Additional Locations:

Pleasanton Tech Cntr Building A, 4460 Hacienda Dr. Bldg. A, Pleasanton,California, 94588
Corona Data Center Admin, 1830 California Ave., Corona,California, 92881
6000 Meadows 6000 SW Meadows Rd., 6000 SW Meadows Rd., Lake Oswego,Oregon, 97035
Pershing Point Plaza IT, 1375 Peachtree St. NE, Atlanta,Georgia, 30309
New Carrollton Administration, 4000 Garden City Dr., Hyattsville,Maryland, 20785
Renton Administration - Adams, 2921 Naches Ave. SW, Renton,Washington, 98057
Hawaii Remote Workers Location, 415 S Beretania St, Honolulu,Hawaii, 96813
Scheduled Weekly Hours: 40
Shift: Day
Workdays: Mon, Tue, Wed, Thu, Fri
Working Hours Start: 08:00 AM
Working Hours End: 05:00 PM
Job Schedule: Full-time
Job Type: Standard
Worker Location: Remote
Employee Status: Regular
Employee Group/Union Affiliation: NUE-IT-01|NUE|Non Union Employee
Job Level: Individual Contributor
Department: KPIT ADMIN - CYBER THREAT - 9601
Pay Range: $153500 - $198550 / year Kaiser Permanente is committed to pay equity and transparency. The posted pay range is based on possible base salaries for the role and does not include the value of our total rewards package. Actual pay determined at offer will be based on years of relevant work experience, education, certifications, skills and geographic location along with a review of current employees in similar roles to ensure that pay equity is achieved and maintained across Kaiser Permanente.
Travel: No Kaiser Permanente is an equal opportunity employer committed to fair, respectful, and inclusive workplaces. Applicants will be considered for employment without regard to race, religion, sex, age, national origin, disability, veteran status, or any other protected characteristic or status.